1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Homepage hijacked by clickit

Discussion in 'Malware and Virus Removal Archive' started by Balthior, 2005/01/01.

Thread Status:
Not open for further replies.
  1. 2005/01/01
    Balthior

    Balthior Inactive Thread Starter

    Joined:
    2004/10/22
    Messages:
    36
    Likes Received:
    0
    HELP! MY homepage has been hijacked by clickit. I have run AdAware and Spybot, HijackThis, Spysweeper and several other utils without success. I can remove the appended redirect language from the IE address toolbar and can get into my homepage account that way, although if I logoff or reboot the original problem reoccurs. Once I remove the Clickit appended language (Clickit.go2net.com/...) I can then get back to my original homepage using the home icon on the toolbar or typing the URL into the address line for the current login session only.
    I have also substituted the hijacked page sourcecode with the sourcecode for the original non-hijacked homepage code at Verizon.net but doing so is only temporary and it does not stay changed after I reboot or logout. I have searched my registry using regedit for clickit references but none can be found. This is a very annoying problem and any help anyone can provide would be greatly appreciated.

    [rant on]IMHO, It should be flat-out illegal for anyone to install tracking software, or software on any kind, on any other person's computer without the expressed written permission of the computer's owner. Those doing so are essentially STEALING valuable and costly hard drive space which they have not legally purchased. This practice is basically no different than stealing someone's car and going for a joyride in it without the owner's permission. Why, then, do we allow this nefarious and blatantly illegal practice to occur on our home or office computers?[rant off]

    Thank you.
     
    Balthior,
    #1
  2. 2005/01/01
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    Post a Hijackthis log from the new version (1.99) after surfing a bit and not fixing things so we can see whats going on.
     
    Lonny Jones,
    #2


  3. to hide this advert.

  4. 2005/01/06
    Balthior

    Balthior Inactive Thread Starter

    Joined:
    2004/10/22
    Messages:
    36
    Likes Received:
    0
    Hello Lonny,

    Thanks for your prompt reply! I'll do as you suggest and post the log ASAP. I appreciate your help.
     
    Balthior,
    #3
  5. 2005/01/09
    Balthior

    Balthior Inactive Thread Starter

    Joined:
    2004/10/22
    Messages:
    36
    Likes Received:
    0
    Here is the Hijack This log for the scan that I ran on 1/9/05. The top 3 entries in the second set of scan results look to have something to do with my start or home page. I can ask HJT to "fix" them if that would be useful.

    Logfile of HijackThis v1.98.2
    Scan saved at 10:51:24 AM, on 1/9/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    .........................


    Admin note: As Lonny specified in post #2, you need to get the latest version, 1.99, and post a log from it. Lots of new stuff since your 1.98.2 version.
     
    Balthior,
    #4
  6. 2005/01/09
    Dave932932

    Dave932932 Inactive

    Joined:
    2005/01/06
    Messages:
    185
    Likes Received:
    0
    Usually anything with a "search ", "dialer ", or "download/install" in their name is blatant malware. I use a non-IE6 broswer too, Opera!!!
     
    Dave932932,
    #5
  7. 2005/01/10
    Balthior

    Balthior Inactive Thread Starter

    Joined:
    2004/10/22
    Messages:
    36
    Likes Received:
    0
    I thought I had used the newer version but I inadvertantly used the previous one instead; I had saved the newer .exe file in a different location!! Mea Culpa. Here is the newer HijackThis version's logfile:

    Logfile of HijackThis v1.99.0
    Scan saved at 8:21:53 AM, on 1/10/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Password Pal\PassPal.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
    C:\Program Files\InterMute\SpySubtract\SpySub.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Webshots\WebshotsTray.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Explorer.EXE
    C:\Downloads\Utils\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dslstart.verizon.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot12\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Password Pal] C:\Program Files\Password Pal\PassPal.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe "
    O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/152393181f9bddd80405/netzip/RdxIE601.cab
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www.ibm.com/pc/support/access/sdccommon/download/IbmEgath.cab
    O16 - DPF: {763C10EE-E4C6-49AA-9325-F15ABF1C52B0} (X1 DownloadControl Class) - http://www.x1.com/download/X1WebInstall.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebSWK.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Indexing Service - Unknown - C:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: LicCtrl Service - Unknown - C:\WINDOWS\runservice.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe
    O23 - Service: Iomega Active Disk - Unknown - C:\Program Files\Iomega\AutoDisk\ADService.exe (file missing)

    BTW, I have tried Mozilla Firefox and still receive the hijacked home page within it.

    Thank you.
     
    Balthior,
    #6
  8. 2005/01/11
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    It would be helpfull to see a log taken when you havent made any changes and if SpySubtract or winpatrol have been preventing anything turn them off for now, then surf a bit and make/post a new log.

    Do this also please, run hijackthis hit > config > misc tools > open process manager, hilight explorer.exe > tick show dll's use the save list to files option (floppy icon) and ost that back here.
     
    Lonny Jones,
    #7
  9. 2005/01/11
    Balthior

    Balthior Inactive Thread Starter

    Joined:
    2004/10/22
    Messages:
    36
    Likes Received:
    0
    Hello,

    Here is the process list that you requested. I'll perform your other suggested operations today and post the results ASAP.

    Process list saved on 10:21:56 AM, on 1/11/2005
    Platform: Windows XP SP1 (WinNT 5.01.2600)

    [full path to filename] [file version] [company name]
    C:\WINDOWS\System32\smss.exe 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\services.exe 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\system32\lsass.exe 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\svchost.exe 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\system32\spoolsv.exe 5.1.2600.0 Microsoft Corporation
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe 7.1.0.299 GRISOFT, s.r.o.
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe 7.1.0.285 GRISOFT, s.r.o.
    C:\WINDOWS\runservice.exe
    C:\WINDOWS\System32\nvsvc32.exe 6.14.10.5216 NVIDIA Corporation
    C:\WINDOWS\System32\tcpsvcs.exe 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\svchost.exe 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe 5.5.62.4 Zone Labs Inc.
    C:\WINDOWS\Explorer.EXE 6.0.2800.1221 Microsoft Corporation
    C:\Program Files\Password Pal\PassPal.exe 2.0.0.811 Dotted Decimal Software
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe 5.5.62.4 Zone Labs Inc.
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe 7.1.0.298 GRISOFT, s.r.o.
    C:\WINDOWS\System32\RUNDLL32.EXE 5.1.2600.0 Microsoft Corporation
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe 3.0.0.1008 Panicware, Inc.
    C:\Program Files\InterMute\SpySubtract\SpySub.exe 1.0.1.49 InterMute, Inc.
    C:\WINDOWS\System32\devldr32.exe 1.0.0.17 Creative Technology Ltd.
    C:\Program Files\Webshots\WebshotsTray.exe 1.3.0.3826 The Webshots Corporation
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE 9.0.0.6604 Microsoft Corporation
    C:\WINDOWS\system32\winlogon.exe 5.1.2600.1106 Microsoft Corporation
    C:\Program Files\Internet Explorer\IEXPLORE.EXE 6.0.2800.1106 Microsoft Corporation
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe 7.1.0.295 GRISOFT, s.r.o.
    C:\WINDOWS\System32\wuauclt.exe 5.4.3790.2182 Microsoft Corporation
    C:\Documents and Settings\MRCooke\Desktop\Programs & Utils\HijackThis.exe 1.98.0.2 Soeperman Enterprises Ltd.


    DLLs loaded by process C:\WINDOWS\Explorer.EXE:

    [full path to filename] [file version] [company name]
    C:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 Microsoft Corporation
    C:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 Microsoft Corporation
    C:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 Microsoft Corporation
    C:\WINDOWS\system32\USER32.dll 5.1.2600.1255 Microsoft Corporation
    C:\WINDOWS\system32\SHLWAPI.dll 6.0.2800.1552 Microsoft Corporation
    C:\WINDOWS\system32\SHELL32.dll 6.0.2800.1556 Microsoft Corporation
    C:\WINDOWS\system32\ole32.dll 5.1.2600.1362 Microsoft Corporation
    C:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft Corporation
    C:\WINDOWS\System32\BROWSEUI.dll 6.0.2800.1400 Microsoft Corporation
    C:\WINDOWS\System32\SHDOCVW.dll 6.0.2800.1400 Microsoft Corporation
    C:\WINDOWS\System32\UxTheme.dll 6.0.2800.1106 Microsoft Corporation
    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.1515_x-ww_7bb98b8a\comctl32.dll 6.0.2800.1515 Microsoft Corporation
    C:\WINDOWS\system32\comctl32.dll 5.82.2800.1106 Microsoft Corporation
    C:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53 Microsoft Corporation
    C:\WINDOWS\System32\COMRes.dll 2001.12.4414.42 Microsoft Corporation
    C:\WINDOWS\system32\VERSION.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\cscui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\themeui.dll 6.0.2800.1106 Microsoft Corporation
    C:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\netapi32.dll 5.1.2600.1562 Microsoft Corporation
    C:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\ATL.DLL 3.0.9435.0 Microsoft Corporation
    C:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\netshell.dll 5.1.2600.1254 Microsoft Corporation
    C:\WINDOWS\System32\credui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\iphlpapi.dll 5.1.2600.2 Microsoft Corporation
    C:\WINDOWS\System32\urlmon.dll 6.0.2800.1400 Microsoft Corporation
    C:\WINDOWS\System32\msi.dll 2.0.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 Microsoft Corporation
    C:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 Microsoft Corporation
    C:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 Microsoft Corporation
    C:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 Microsoft Corporation
    C:\Program Files\Panicware\Pop-Up Stopper Free Edition\XAHook.dll 1.0.0.1008 Panicware, Inc.
    C:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\serwvdrv.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\umdmxfrm.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\webcheck.dll 6.0.2800.1106 Microsoft Corporation
    C:\WINDOWS\System32\stobject.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\BatMeter.dll 6.0.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\POWRPROF.dll 6.0.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\upnpui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\upnp.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\WININET.dll 6.0.2800.1405 Microsoft Corporation
    C:\WINDOWS\System32\SSDPAPI.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\mswsock.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\msacm32.drv 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\midimap.dll 5.1.2600.0 Microsoft Corporation
    c:\Program Files\interMute\SpySubtract\sshook.dll 1.0.1.49 InterMute, Inc.
    C:\WINDOWS\System32\printui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\system32\MPR.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\fxsst.dll 5.2.1776.1023 Microsoft Corporation
    C:\WINDOWS\System32\FXSAPI.dll 5.2.1776.1023 Microsoft Corporation
    C:\WINDOWS\System32\NTMARTA.DLL 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\drprov.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\davclnt.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\shdoclc.dll 6.0.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\SXS.DLL 5.1.2600.1515 Microsoft Corporation
    C:\WINDOWS\System32\browselc.dll 6.0.2800.1106 Microsoft Corporation
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll 6.0.1.1091 Adobe Systems Incorporated
    C:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\comdlg32.dll 6.0.2800.1106 Microsoft Corporation
    C:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 Microsoft Corporation
    C:\WINDOWS\System32\ODBC32.dll 3.525.1022.0 Microsoft Corporation
    C:\WINDOWS\System32\odbcint.dll 3.525.1022.0 Microsoft Corporation
    C:\WINDOWS\System32\OLEPRO32.DLL 5.0.5014.0 Microsoft Corporation
    C:\PROGRA~1\Spybot12\SDHelper.dll 1.3.0.12 Safer Networking Limited
    C:\WINDOWS\System32\ACTXPRXY.DLL 6.0.2600.0 Microsoft Corporation
    C:\Program Files\Canon\Easy-WebPrint\Toolband.dll 2.0.0.15
    C:\WINDOWS\System32\MSVFW32.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\MFC42.DLL 6.0.8665.0 Microsoft Corporation
    C:\WINDOWS\System32\MSVCP60.dll 6.0.8972.0 Microsoft Corporation
    C:\Program Files\Canon\Easy-WebPrint\Resource.dll 2.0.0.15
    C:\WINDOWS\System32\DCIMAN32.DLL 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\netshell.dll 5.1.2600.1254 Microsoft Corporation
    C:\WINDOWS\System32\credui.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\upnp.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\System32\SSDPAPI.dll 5.1.2600.1106 Microsoft Corporation
    C:\WINDOWS\system32\MPR.dll 5.1.2600.0 Microsoft Corporation
    C:\WINDOWS\System32\urlmon.dll 6.0.2800.1400 Microsoft Corporation

    Thanks!
     
    Balthior,
    #8
  10. 2005/01/11
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    And a normal log without having changed things ?

    Do another process log for files under Internet explorer.
    What we are looking for is any dll's with no information, then do research on those. so if there are none no reason to post it.

    A good hosts file will will block those urls you mention
    "Blocking Unwanted Parasites with a Hosts File:" http://www.mvps.org/winhelp2002/hosts.htm
     
    Lonny Jones,
    #9
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...